Fortigate

For the latest IP address ranges and services, please refer to our Firewall Best Practices guide.

Connecting the Fortigate

In order to connect the Fortigate to the network:

  • Ensure the modem or other ISP provided equipment is in bridge mode. Anyone familiar with the local network setup will be able to assist with this.
  • Note: If the IP address is static, it will be necessary to load this information into the Fortigate.
  • Connect the router to the modem provided by the ISP, ensuring that it is the only device connected. All other devices will connect to the router or a switch connected to the router.
  • In most cases the router can be accessed locally at 192.168.1.99

Configuring Address and Service Objects

  • Navigate to Policy & Objects
  • Scroll down and select the option Addresses
  • Fill in the options below like so:
    • Name: Cytracom
    • Color: blue [optional]
    • Type: IP Range
    • Subnet/IP Range: 209.105.249.194-209.105.249.252
    • Interface: Any
    • Show in Address List: (checked)
    • Comments: Cytracom VoIP [optional]
  • Adding a Tag is optional
  • Then hit OK at the bottom to save

fortigate_AddressObject.PNG

  • Then to create a service object navigate to Policy & Objects
  • Scroll down and select the option Services
  • Fill in the options below like so:
    • Name: Cytracom
    • Comments: VoIP Service [optional]
    • Color: Blue [optional]
    • Show in Service List: (checked)
    • Category: VoIP, Messaging & Other Applications
    • Protocol Type: TCP/UDP/SCTP
    • Address: IP Range -> 209.105.249.194-209.105.249.252
    • Destination Port
      • TCP 5060 - 5061
      • TCP 10000 - 30000
      • UDP 5060 - 5062
      • UDP 10000 - 30000
    • Specify Source Ports: (un-checked)
  • Then hit OK at the bottom to save

fortigate_Cytracom_service.png
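To confirm that the saved objects match the values above, the following added example (not part of the original article and not vendor tooling) parses a FortiOS CLI configuration export and reports every setting of the Cytracom address or service object that differs. The sample export is constructed, and the parser assumes flat config/edit/set/next objects as the CLI prints them.

```python
import shlex
# Expected values copied from the article's address and service object steps.
EXPECTED = {
    ("firewall address", "Cytracom"): {
        "type": "iprange", "start-ip": "209.105.249.194", "end-ip": "209.105.249.252"},
    ("firewall service custom", "Cytracom"): {
        "tcp-portrange": "5060-5061 10000-30000", "udp-portrange": "5060-5062 10000-30000"},
}

def parse_config(text):
    """Map (section, entry) -> {setting: [values]}; flat objects only, no nested config."""
    entries, section, entry = {}, None, None
    for line in text.splitlines():
        word, *args = shlex.split(line) or [""]
        if word == "config" and entry is None:
            section = " ".join(args)
        elif word == "edit" and section and args:
            entry = entries.setdefault((section, args[0]), {})
        elif word == "set" and entry is not None and args:
            entry[args[0]] = args[1:]
        elif word == "next":
            entry = None
    return entries

def audit(text):
    """Return one finding per expected setting that is missing or different."""
    parsed, findings = parse_config(text), []
    for (section, name), wanted in EXPECTED.items():
        got = parsed.get((section, name), {})
        for key, value in wanted.items():
            actual = got.get(key, [])
            if sorted(actual) != sorted(value.split()):
                findings.append(f"{section} '{name}': {key} is "
                                f"{' '.join(actual) or 'unset'}, expected {value}")
    return findings

# Constructed sample export, not from a real device; the UDP range is wrong on purpose.
SAMPLE = """config firewall address
    edit "Cytracom"
        set type iprange
        set start-ip 209.105.249.194
        set end-ip 209.105.249.252
    next
end
config firewall service custom
    edit "Cytracom"
        set tcp-portrange 5060-5061 10000-30000
        set udp-portrange 5060-5061 10000-30000
    next
end"""
```

Calling audit(SAMPLE) returns a single finding for udp-portrange; an empty list means the objects match the values in this article.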

Creating Incoming and Outgoing Policies

  • Then to create an Inbound and Outbound Policy navigate to Policy & Objects
  • Scroll down and select the option IPv4 Policy
  • Fill in the options below for the Inbound rule like so:
    • Name: Cytracom [Optional]
    • Incoming Interface: WAN
    • Outgoing Interface: LAN
    • Source: Cytracom
    • Destination: all
    • Schedule: always
    • Service: Cytracom
    • Action: ACCEPT
    • NAT: On [toggled]
    • IP Pool Configuration: Use Outgoing Interface Address
    • Log Allowed Traffic: Enabled (optional)
    • Enable this policy: On [toggled]

fortigate_PolicyIncoming.PNG

  • Fill in the options below for the Outbound rule like so:
    • Name: Cytracom [Optional]
    • Incoming Interface: LAN
    • Outgoing Interface: WAN
    • Source: all
    • Destination: Cytracom
    • Schedule: always
    • Service: all
    • Action: ACCEPT
    • NAT: On [toggled]
    • IP Pool Configuration: Use Outgoing Interface Address
    • Log Allowed Traffic: Enabled (optional)
    • Enable this Policy: On [toggled]

fortigate_PolicyOutgoing.PNG

  • To create a traffic shaper navigate to Policy & Objects
  • Scroll down and select the option Traffic Shapers
  • Click the option to add new
  • Fill in the options below for the Traffic Shaper like so:
    • Type: [Shared]
    • Name: "Cytracom" [optional]
    • Traffic Priority: [Selection: High]
    • Guaranteed Bandwidth: [90kbps multiplied by the number of phones on the network]
  • Scroll to the bottom and select OK to save

fortigate_trafficShaper.png

  • Then to create a Traffic Shaping Policy navigate to Policy & Objects
  • Scroll down and select the option Traffic Shaping Policy
  • Click the option to add new
  • Fill in the options below for the Traffic Shaping Policy like so:
    • Status: Enabled
    • Source: Cytracom
    • Destination: All
    • Service: Cytracom
    • Outgoing Interface
    • Shared Shaper: Enabled [Selection: Cytracom]
  • Scroll to the bottom and select OK to save

fortigate_ShapingPolicy.png

DNS and Web Filter

fortigate_dnsfilter.png

-----

fortigate_webfilter.png

Open the terminal and enter these commands via PuTTY or the built-in command line to set up the desired options.

Setting UDP Timeout to desired value for SIP:

CLI_UDP_timeout.png

Disabling SIP ALG:

CLI_SIP_ALG_1.png

CLI_SIP_ALG_2.png

 
